aoncyberlabs / padbuster Goto Github PK

Automated script for performing Padding Oracle attacks

Home Page: http://www.gdssecurity.com/l/

License: Apache License 2.0

Perl 100.00%

padbuster's Introduction

PadBuster - Automated script for performing Padding Oracle attacks

Author: Brian Holyfield - Gotham Digital Science ([email protected])

Credits to J.Rizzo and T.Duong for providing proof of concept web exploit
techniques and S.Vaudenay for initial discovery of the attack. Credits also
to James M. Martin ([email protected]) for sharing proof of concept exploit
code for performing various brute force attack techniques.

PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster  
provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, 
and perform automated response analysis to determine whether a request is vulnerable 
to padding oracle attacks.

PadBuster is released under the Apache License, version 2.0 (Apache-2.0)
https://opensource.org/licenses/Apache-2.0

padbuster's People

Contributors

Stargazers

Watchers

Forkers

wireghoul gw0 qqshow topplers chiehwen kingsabri v-egoshin bussiere 10457793 lasimmm catufunwa meatballs1 h4ppy7ree perimbean roo7break pepitowow cplushua01 haofree aiongw softly3 makkena52 luca-m awesomo4000 rompehielos rahiparikh alex-metasploit barbooor razhack funstuff kostyll syjzwjj haxsscker susu102 nahidupa hongxs ye-yong-chi m1a0yu3 hxp2k6 ning1022 digitalboys puniaze sooxt98 tweekfawkes paran0ids0ul m00zh33 i0t sagittarius-a totemofwolf sigma-random shit0u copperman magnologan hhbktaidi b8box zcr214 auooo hackpanda rossmairm sauarora20 solertis luffin elchappo crmaxx ashr huntpig yeshuibo jamalmo mgcfish dselig11235 python3pkg arryboom avineshwar hoanganhnhung noorqureshi johnhubcr spejosh prosouth tigerteamdevops qsdj codingo falfeo gncao oliavd murthysagi melvinvarkey kuteminh11 talk2noob truenix arongmh jordanlarose fortunec00kie lhxkailiang 0thm4n3 tailoredaccessteam limkokholefork loneboat sagaroffsec fxb6476 team-firebugs opreaandre04

padbuster's Issues

Illegal modulus error tool is not running

Illegal modulus zero at /usr/bin/padbuster line 166.

Padbuster does not work on https with untrusted certs

Padbuster gives 500 unable to connect errors on a website with an invalid ssl cert. Add $ENV('PERL_LWP_SSL_VERIFY_HOSTNAME') = 0; to the request method to fix.

Bypass SSL check and Pass through Burp For NTLM Authentication

I was testing an app which requires to skip SSL check and perform NTLM authentication through Burp Proxy on a Windows machine.

The SSL checking can be bypassed by appending $lwp ->ssl_opts(verify_hostname => 0,SSL_verify_mode => 0x00); after the following

  $lwp = LWP::UserAgent->new(env_proxy => 1,
                            keep_alive => 1,
                            timeout => 30,
                requests_redirectable => [],
                            );

I used the proxy option but somehow it was not working because the original code proxied the http traffic only, so I changed the code from

$lwp->proxy(['http'], "http://".$proxy);

$lwp->proxy('https', "http://127.0.0.1:8080");

so the https traffic would be proxied to burp.

aoncyberlabs / padbuster Goto Github PK

padbuster's Introduction

padbuster's People

Contributors

Stargazers

Watchers

Forkers

padbuster's Issues

Illegal modulus error tool is not running

Padbuster does not work on https with untrusted certs

Bypass SSL check and Pass through Burp For NTLM Authentication

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent